b"TREASURY INSPECTOR GENERAL FOR TAX ADMINISTRATION\n\n\n\n\n                 Oversight of the Electronic Fraud Detection\n                System Restoration Activities Has Improved,\n                              but Risks Remain\n\n\n\n                                          March 29, 2007\n\n                              Reference Number: 2007-20-052\n\n\n\n\n This report has cleared the Treasury Inspector General for Tax Administration disclosure review process\n  and information determined to be restricted from public release has been redacted from this document.\n\n Redaction Legend:\n 3(a) = Identifying Information - Name of an Individual or Individuals\n 3(d) = Identifying Information - Other Identifying Information of an Individual or Individuals\n\n\n Phone Number | 202-927-7037\n Email Address | Bonnie.Heald@tigta.treas.gov\n Web Site      | http://www.tigta.gov\n\x0c                                               DEPARTMENT OF THE TREASURY\n                                                     WASHINGTON, D.C. 20220\n\n\n\n\nTREASURY INSPECTOR GENERAL\n  FOR TAX ADMINISTRATION\n\n\n\n\n                                               March 29, 2007\n\n\n MEMORANDUM FOR CHIEF INFORMATION OFFICER\n\n FROM:                       Michael R. Phillips\n                             Deputy Inspector General for Audit\n\n SUBJECT:                    Final Audit Report \xe2\x80\x93 Oversight of the Electronic Fraud Detection\n                             System Restoration Activities Has Improved, but Risks Remain\n                             (Audit # 200620042)\n\n This report presents the results of our review to determine whether the Internal Revenue Service\n (IRS) adequately monitored the contractors\xe2\x80\x99 development efforts in 2006 to ensure the Electronic\n Fraud Detection System (hereafter referred to as EFDS or System)1 was delivered in time for the\n 2007 Filing Season. This audit is a follow-up to a prior Treasury Inspector General for Tax\n Administration audit.2\n\n Impact on the Taxpayer\n The EFDS is the primary information system used to support the Criminal Investigation\n Division\xe2\x80\x99s Questionable Refund Program, which is a nationwide program established in\n January 1997 to detect and stop fraudulent and fictitious claims for refunds on income tax\n returns. During Processing Year 2006, the System was not operational because the IRS and its\n contractors were unable to launch a web-based version of the EFDS application (Web EFDS),\n resulting in an estimated $318.3 million in fraudulent refunds being issued as of May 19, 2006.\n The IRS has improved controls over the EFDS restoration activities including executive\n governance and project management. As a result, project risks are being identified and\n mitigation actions are being taken to ensure the System is implemented and fraudulent refunds\n stopped during Processing Year 2007.\n\n\n\n 1\n  See Appendix VIII for a Glossary of Terms.\n 2\n  The Electronic Fraud Detection System Redesign Failure Resulted in Fraudulent Returns and Refunds Not Being\n Identified (Reference Number 2006-20-108, dated August 9, 2006).\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\n\nSynopsis\nOn April 19, 2006, all system development activities for the Web EFDS were stopped and all\nefforts were focused on restoring the client-server EFDS for use in January 2007. The\nrestoration effort requires the contractors to prepare the System and the related databases for\nProcessing Year 2007 by starting with the Processing Year 2005 EFDS and updating it with\nthe 2006 and 2007 tax law changes. Therefore, the System restoration work to be completed by\nthe contractors involves the routine annual update of the System with tax law changes and does\nnot contain the level of complexity involved in redesigning it into a web-based system.\nIn the prior EFDS audit, we reported the IRS did not ensure the EFDS project had the required\nexecutive oversight, manage the System risks effectively, monitor contractor performance\neffectively, and use performance-based contracts. The EFDS project also was improperly\nclassified as a steady state project in the business case. During this audit, we determined that\nIRS management completed several corrective actions in response to our prior audit report.\nThe IRS improved executive oversight of the EFDS project by requiring the status and risks of\nthe project be reported at various meetings. Additionally, project management controls were\nimproved. For example, regular meetings are held with\nstakeholders and contractors to ensure tasks are on target\n                                                                 IRS management implemented\nfor timely completion and risks are addressed. If tasks are         executive oversight and\nnot completed when scheduled, the effect on the overall          improved project management\nschedule is determined and remedial actions are taken, if        controls. However, the Federal\nneeded.                                                         Government may not receive the\n                                                                   full amount of the equitable\nThe EFDS Project Office also obtained project                            adjustment.\nmanagement support from contractor Booz Allen Hamilton,\nInc., and obtained independent assessments of the System\nfrom the MITRE Corporation at an estimated cost of $1,722,132. These expenses are considered\ninefficient use of resources because the expenses would not have been incurred if the Web EFDS\nhad been implemented in Processing Year 2006 (see Appendix IV).\nAlthough project management controls have improved, as of the time of our review on\nDecember 8, 2006, risks remained as several critical tasks had not been completed. For example,\nthe EFDS (applications and 3 years of data) must be loaded into the production environment,\nfinal integration testing must be completed, and the required Enterprise Life Cycle documents\nmust be prepared.\nThis audit was conducted while the IRS was performing restoration activities to implement the\nSystem in Processing Year 2007. Any changes that occurred since we completed our analysis in\nDecember 2006 are not reflected in this report. As a result, this report may not reflect the most\ncurrent status of the EFDS project. According to the IRS, the System was placed into production\non January 16, 2007.\n                                                                                                   2\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\nDuring this audit, we also determined the Contracting Officer\xe2\x80\x99s Technical Representative\noversight of the Computer Sciences Corporation (CSC) had not changed significantly and the\nEFDS Project Office is in the process of drafting procedures for monitoring acquisitions.\nMeanwhile, compensating controls, such as the improvements in project management, mitigate\nthe oversight risks.\nThe IRS recently issued a contract for an estimated amount of $3,080,004 for restoration work to\nbe performed from November 1, 2006, through February 24, 2007. We reviewed the contract\nand found that payment of the contractor\xe2\x80\x99s fee is not dependent on the timely delivery of specific\nSystem deliverables or milestones. The contract also established a cost sharing amount not to\nexceed $3,080,004 as an equitable adjustment amount to compensate the IRS for the cost to\nrestore the client-server EFDS. However, the agreement does not include a provision that would\nrefund the unused equitable adjustment to the IRS and the cost sharing commitment is\nexclusively related to delivering a client-server EFDS in January 2007.\nBased on our review of the EFDS project work breakdown structure (i.e., a list of all tasks\nrequired to complete the project) it does not appear the CSC has $3,080,004 worth of work\nremaining on the restoration project. The EFDS Executive agreed with this conclusion and\nstated the CSC has verbally agreed to work on two application changes unrelated to the\nrestoration work to ensure the IRS will receive the $3,080,004 equitable adjustment. However,\nthe contract states the CSC\xe2\x80\x99s cost sharing commitment is exclusively related to delivering a\nclient-server-based System and will not apply to any Federal Government directed scope\nincreases. Therefore, the IRS will be obligated to pay the contractor\xe2\x80\x99s fee if a functional EFDS\nis not implemented timely and the IRS may not receive the entire equitable adjustment.\n\nRecommendation\nWe recommended the Chief Information Officer work with the Director, Procurement, to ensure\nthe IRS receives all of the $3,080,004 equitable adjustment from the CSC. If the entire\nadjustment is not received by the end of the original period of performance stated in the contract,\nthe IRS should request the CSC pay the IRS the difference between the $3,080,004 and the credit\nthe IRS received during the period of performance. Alternatively, the IRS should request the\napplication of the remaining equitable adjustment credit owed to the IRS to invoices for future\nEFDS-related task orders or for other work being performed by the CSC.\n\nResponse\nIRS management agreed with the recommendation and prepared a modification to the task order\nto ensure the IRS receives the full equitable adjustment. The modification, signed by the IRS\nand the CSC on February 23, 2007, extends the base period of performance and includes\n\n\n                                                                                                   3\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\nadditional work within the scope of the cost sharing agreement. Management\xe2\x80\x99s complete\nresponse to the draft report is included as Appendix IX.\nCopies of this report are also being sent to the IRS managers affected by the report\nrecommendation. Please contact me at (202) 622-6510 if you have questions or\nMargaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs), at\n(202) 622-8510.\n\n\n\n\n                                                                                             4\n\x0c                      Oversight of the Electronic Fraud Detection System Restoration\n                                Activities Has Improved, but Risks Remain\n\n\n\n\n                                             Table of Contents\n\nBackground ..........................................................................................................Page 1\n\nResults of Review ...............................................................................................Page 3\n          Executive Oversight of the Electronic Fraud Detection System Has\n          Improved .......................................................................................................Page 3\n          Electronic Fraud Detection System Restoration Project Management\n          Controls Have Been Improved, but Risks Remain .......................................Page 5\n          Contracting Activities Have Improved, but a Cost Reimbursement Issue\n          Remains.........................................................................................................Page 9\n                    Recommendation 1:........................................................Page 12\n\n\nAppendices\n          Appendix I \xe2\x80\x93 Detailed Objective, Scope, and Methodology ........................Page 13\n          Appendix II \xe2\x80\x93 Major Contributors to This Report ........................................Page 16\n          Appendix III \xe2\x80\x93 Report Distribution List .......................................................Page 17\n          Appendix IV \xe2\x80\x93 Outcome Measures...............................................................Page 18\n          Appendix V \xe2\x80\x93 Electronic Fraud Detection System Management.................Page 20\n          Appendix VI \xe2\x80\x93 Electronic Fraud Detection System Oversight.....................Page 21\n          Appendix VII \xe2\x80\x93 Electronic Fraud Detection System Project Timeline ........Page 23\n          Appendix VIII \xe2\x80\x93 Glossary of Terms .............................................................Page 25\n          Appendix IX \xe2\x80\x93 Management\xe2\x80\x99s Response to the Draft Report ......................Page 29\n\x0c           Oversight of the Electronic Fraud Detection System Restoration\n                     Activities Has Improved, but Risks Remain\n\n\n\n\n                           Abbreviations\n\nCIO                  Chief Information Officer\nCOTR                 Contracting Officer\xe2\x80\x99s Technical Representative\nCSC                  Computer Sciences Corporation\nEFDS, System         Electronic Fraud Detection System\nESC                  Executive Steering Committee\nIRS                  Internal Revenue Service\nMITRE                MITRE Corporation\nMITS                 Modernization and Information Technology Services\nPY                   Processing Year\nWeb EFDS             Web Electronic Fraud Detection System\n\x0c                    Oversight of the Electronic Fraud Detection System Restoration\n                              Activities Has Improved, but Risks Remain\n\n\n\n\n                                             Background\n\nThe Electronic Fraud Detection System (hereafter referred to as the EFDS or System)1 is an\nautomated compliance system designed to maximize fraud detection when tax returns are filed\nand prevent the issuance of fraudulent refunds. The EFDS is the primary information system\nused to support the Criminal Investigation Division\xe2\x80\x99s Questionable Refund Program, which is a\nnationwide program established in January 1977 to detect and stop fraudulent and fictitious\nclaims for refunds on income tax returns.\nIn January 2006, the Internal Revenue Service (IRS) planned to launch a web-based version of\nthe EFDS application (Web EFDS) after failing to implement the Web EFDS in January 2005\nbecause of system development problems. However, the IRS and its contractors were\nunable to provide a functioning Web EFDS to prevent fraudulent refunds during Processing\nYear (PY) 2006. During PY 2006, the System was not operational, resulting in an estimated\n$318.3 million in fraudulent refunds being issued as of May 19, 2006.\nOn April 19, 2006, all system development activities for the Web EFDS were stopped, and all\nefforts were focused on restoring the client-server EFDS for use in January 2007. The\nrestoration effort requires the contractors to prepare the System and the related databases for\nPY 2007 by starting with the PY 2005 EFDS and updating it with the 2006 and 2007 tax law\nchanges. Therefore, the System restoration work to be completed by the contractors involves the\nroutine annual update of the System with tax law changes and does not contain the level of\ncomplexity involved in redesigning the System into a web-based system.\nFive contractors are involved in various EFDS activities. Three of the contractors are working to\nrestore the System for PY 2007, while the remaining two contractors provide program\nmanagement support. The responsibilities of the five contractors include the following:\n      \xe2\x80\xa2    Computer Sciences Corporation (CSC), the primary contractor, is responsible for\n           delivering a fully operational client-server-based System in January 2007. As of\n           December 11, 2006, the total amount paid to the CSC for System restoration work was\n           $2,613,953. In addition, a task order with an estimated cost of $3,080,004 was approved\n           on October 24, 2006, for restoration work to be performed through February 24, 2007.\n      \xe2\x80\xa2    Systems Research and Applications Corporation is responsible for providing and\n           maintaining data-mining techniques used by the EFDS. As of December 11, 2006, the\n           total amount paid to the Systems Research and Applications Corporation for the System\n           restoration was $167,584. In addition, a task order with an estimated cost of $420,648\n\n\n1\n    See Appendix VIII for a Glossary of Terms.\n                                                                                            Page 1\n\x0c                  Oversight of the Electronic Fraud Detection System Restoration\n                            Activities Has Improved, but Risks Remain\n\n\n\n        was approved on July 28, 2006, for work to be performed through July 31, 2007. The\n        remaining funds available for this task order are $336,859.\n    \xe2\x80\xa2   Anteon Corporation is responsible for providing maintenance support for the EFDS\n        client-server application and database. A task order was approved on August 15, 2006,\n        with an estimated cost of $1,500,000 for work to be performed between April 11, 2006,\n        and February 24, 2007. Because the work performed by Anteon Corporation is critical to\n        the System restoration, it was allowed to begin work before the task order was approved.\xc2\xa0\xc2\xa0\n        As of December 11, 2006, the total amount paid to the Anteon Corporation for the EFDS\n        restoration was $707,006. The remaining funds available for this task order are\n        $792,994.\n    \xe2\x80\xa2   Booz Allen Hamilton, Inc. is responsible for providing EFDS Project Office support. A\n        task order with an estimated cost of $1,201,378 for project management support services\n        was awarded July 6, 2006, for work to be performed through July 1, 2007.\n    \xe2\x80\xa2   MITRE Corporation (MITRE) is responsible for providing independent assessments of\n        the System restoration activities. A task order with an estimated cost of $103,024 was\n        approved on September 14, 2006, for work to be performed through December 31, 2006.\nThis review is a follow-up to a prior Treasury Inspector General for Tax Administration audit.2\nThis review was performed at the Modernization and Information Technology Services (MITS)\norganization offices in New Carrollton, Maryland, and Washington, D.C., during the period\nOctober through December 2006. The audit was conducted in accordance with Government\nAuditing Standards. Detailed information on our audit objective, scope, and methodology is\npresented in Appendix I. Major contributors to the report are listed in Appendix II.\n\n\n\n\n2\n The Electronic Fraud Detection System Redesign Failure Resulted in Fraudulent Returns and Refunds Not Being\nIdentified (Reference Number 2006-20-108, dated August 9, 2006).\n                                                                                                      Page 2\n\x0c                   Oversight of the Electronic Fraud Detection System Restoration\n                             Activities Has Improved, but Risks Remain\n\n\n\n\n                                       Results of Review\n\nExecutive Oversight of the Electronic Fraud Detection System Has\nImproved\nThe Clinger-Cohen Act of 19963 requires agencies to use a disciplined Capital Planning and\nInvestment Control process to acquire, use, maintain, and dispose of information technology\nassets. The Office of Management and Budget Circular A-11, Preparation, Execution, and\nSubmission of the Budget, dated June 2006, requires each agency to include with its annual\nbudget submission an information technology investment portfolio, commonly referred to as an\nExhibit 53, containing the information technology investment title, description, amount, and\nfunding source. For each major information technology investment, the Office of Management\nand Budget requires agencies to include Circular A-11 Exhibit 300, Capital Asset Plan and\nBusiness Case, with their budget submissions.\nThe IRS\xe2\x80\x99 Capital Planning and Investment Control process for managing information technology\nprojects established an executive governance process for monitoring projects that included the\nMITS Enterprise Governance Committee, the MITS Enterprise Governance Investment\nManagement Subcommittee, and Executive Steering Committees (ESC) responsible for specific\nprojects. Major projects with costs of more than $5 million per year or total lifecycle costs of\nmore than $50 million were to be governed by the executive governance process. Formal\nagendas, presentations, and meeting minutes are prepared for each ESC meeting including\ndocumenting key decisions and assignments. To assess the controls over the EFDS project, we\nreviewed the policies and procedures applicable to the project and determined whether they were\nimplemented effectively.\nIn the prior EFDS audit, we reported the Exhibit 300 improperly classified the EFDS as a steady\nstate project. This was improper because, at the time, the IRS was in the process of developing\nthe Web EFDS. In addition, information in the Exhibit 300 was not consistent and presented the\nEFDS as both a steady state system and a system under development.\nThe EFDS project did not have continuous ESC oversight as required by the Capital Planning\nand Investment Control process. Instead, there was ESC oversight from June 2002 until\nJuly 2003. Afterwards, oversight was provided by Business Systems Development organization\n\n\n\n3\n Pub. L. No. 104-106, 110 Stat. 642 (codified in scattered sections of 5 U.S.C., 5 U.S.C. app., 10 U.S.C., 15 U.S.C.,\n16 U.S.C., 18 U.S.C., 22 U.S.C., 28 U.S.C., 29 U.S.C., 31 U.S.C., 38 U.S.C., 40 U.S.C., 41 U.S.C., 42 U.S.C.,\n44 U.S.C., 49 U.S.C., 50 U.S.C.).\n                                                                                                             Page 3\n\x0c                  Oversight of the Electronic Fraud Detection System Restoration\n                            Activities Has Improved, but Risks Remain\n\n\n\nexecutives who were also responsible for managing the maintenance and development work for\nmore than 325 IRS systems.\nWe also reported that key decisions relating to the Web EFDS development were not adequately\ndocumented. Consequently, we made the following recommendations:\n    \xe2\x80\xa2   Recommendation 1: The Chief Information Officer (CIO) should ensure the EFDS\n        project is assigned to an ESC for executive oversight, including documenting key\n        decisions and assignments.\n    \xe2\x80\xa2   Recommendation 2: The CIO should evaluate other projects being managed in the new\n        Applications Development organization and ensure all projects are assigned to the\n        appropriate oversight process. High-risk projects, like the EFDS, should also be included\n        in the Senior Management Dashboard Review process.\n    \xe2\x80\xa2   Recommendation 3: The CIO should ensure the business case and the information\n        technology investment portfolio are revised to categorize the EFDS project properly and\n        include accurate and consistent information.\nDuring this audit, we determined that IRS management\nimplemented executive governance oversight and completed          IRS management implemented\nseveral corrective actions in response to our prior audit             executive oversight and\n                                                                   completed several corrective\nreport. For example, the EFDS project was assigned to the         actions in response to our prior\nCompliance ESC.4 Discussion items, actions, and decisions               audit report. As of\nresulting from these meetings are documented in the                December 8, 2006, the EFDS\nmeeting minutes. This corrective action addresses                   Project Office reported the\nRecommendation 1 from the prior audit report. The System           project was on schedule and\n                                                                 implementation was expected to\nis also included in the Senior Management Dashboard                 occur on January 16, 2007.\nReview. The System risks, issues, and mitigation strategies\nidentified at the Senior Management Dashboard Review\nmeetings are documented and tracked. The Senior Management Dashboard Review is attended\nby one or more executives from the Enterprise Services organization and representatives of the\nprojects under review. This corrective action partially addresses Recommendation 2 from the\nprior audit report. The IRS Commissioner is also briefed monthly on the status of the System\nactivities by the CSC (see Appendix VI for a list of recurring executive briefings).\nThe IRS stopped the Web EFDS development and is restoring the client-server EFDS for use in\nPY 2007. The EFDS Project Office revised the Exhibit 300 to correctly support classifying the\n\n\n4\n On October 16, 2006, the MITS Enterprise Governance Committee approved the reconfiguration of the\nCompliance ESC into the Reporting Compliance and the Filing and Payment Compliance ESCs. On\nNovember 15, 2006, the MITS Enterprise Governance Committee approved keeping the EFDS in the Reporting\nCompliance ESC until the filing season is complete, then the EFDS will be moved to the Criminal Investigation\nESC.\n                                                                                                          Page 4\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\nSystem restoration as a steady state project. On September 11, 2006, the IRS submitted a revised\nExhibit 300 which was approved by the Department of the Treasury. This corrective action\naddresses prior audit Recommendation 3. The remaining corrective actions, which are to\nevaluate other projects and assign them the appropriate oversight, are in process and scheduled to\nbe completed by April 1, 2007.\nContinuous executive oversight of a project helps to ensure risks are identified and mitigated. As\nof December 1, 2006, the EFDS Project Office reported the project is on schedule and\nimplementation is expected to occur on January 16, 2007.\n\nElectronic Fraud Detection System Restoration Project Management\nControls Have Been Improved, but Risks Remain\nThe Department of the Treasury Publication 84-01, Information System Life Cycle Manual, dated\nMarch 2002, states that general standardization of life cycle management ensures systems are\ndeveloped, acquired, evaluated, and operated efficiently, within prescribed budget and schedule\nconstraints, and are responsive to mission requirements. In addition, the IRS system\ndevelopment guidelines (currently, the Enterprise Life Cycle - Lite) stipulate that, as part of the\ninformation system life cycle management process, project management should identify project\nrisks early and manage them before they become problems. The risk management process\nencompasses the identification of risk issues, assessment of risk to define probability and impact,\npreparation and implementation of risk mitigation and risk contingency plans, and continuous\nmonitoring of those actions to ensure effectiveness. Risk management is used to ensure critical\nareas of uncertainty are surfaced early enough to be addressed without adversely affecting cost,\nschedule, or performance.\nIn the prior EFDS audit, we reported that the risks were not managed effectively; status meetings\nwith stakeholders were held, but the meeting results were not documented sufficiently, if at all;\nindividuals were not held accountable for timely completion of tasks; a process to adequately and\nindependently confirm the completion of tasks had not been established nor documented; and\nkey management documents were not prepared or properly maintained. As a result, we made the\nfollowing recommendations:\n   \xe2\x80\xa2   Recommendation 4: The CIO should ensure project risks are identified properly and\n       plans are prepared to reduce the risks affecting the successful development of the project.\n   \xe2\x80\xa2   Recommendation 5: The CIO should ensure the proper system development life cycle\n       methodology is implemented for the EFDS development, based on the types of changes\n       being made to the system.\nFor the current client-server EFDS restoration project, the EFDS Project Manager monitors the\ncontractor and IRS progress and performance to ensure the project is on schedule. During the\nWeb EFDS development, the EFDS Project Manager was also the EFDS/Questionable Refund\n\n                                                                                            Page 5\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\nProgram Section Chief and performed some of the CSC Contracting Officer\xe2\x80\x99s Technical\nRepresentative (COTR) duties. For the EFDS restoration project, the three duties were assigned\nto separate individuals. See Appendix V for a list of the individuals responsible for the EFDS\nproject. IRS management stated that spreading out the assignments made the project less\ndifficult to manage. In addition, the CSC no longer maintains the project work breakdown\nstructure (i.e., a list of all tasks and the tasks completion dates required to complete the project\ntimely). Instead, it is maintained by Booz Allen Hamilton, Inc. which is providing program\nmanagement support to the EFDS Project Office. The project tasks are divided into shorter\nmanageable increments to facilitate task monitoring, validation, and inclusion on the project\nschedule.\nImprovements in project management controls include holding regular meetings with\nstakeholders and contractors to ensure tasks are on target for timely completion and risks are\naddressed. If tasks are not completed when scheduled, the impact on the overall schedule is\ndetermined and remedial actions are taken, if needed. Stakeholder involvement ensures that\nactivities and decisions adequately address the business concerns and completed tasks are\nsatisfactory. Examples of meetings held include the Weekly Stakeholder Status Meetings, the\nWeekly Technical Meetings, and the Filing Season\nReadiness Meetings (see Appendix VI for a list of\nrecurring meetings).                                         EFDS project management and risk\n                                                               identification and mitigation have\nIn addition, a process was established, documented,        improved. For example, if tasks are\nand implemented to monitor the status and verify the       not completed when scheduled, the\n                                                            impact on the overall schedule is\nsatisfactory completion of tasks. Risks and mitigation     determined and remedial actions are\nactivities discussed during the weekly stakeholder                   taken, if needed.\nstatus meetings are documented in status reports and/or\nmeeting minutes and a database maintained by Booz\nAllen Hamilton, Inc. This corrective action and the executive oversight discussed above address\nprior audit Recommendation 4.\nThe Enterprise Life Cycle Project Office also performed an analysis to determine what\nEnterprise Life Cycle - Lite documents should be produced for a steady state project. On\nOctober 30, 2006, the Compliance ESC gave the EFDS Project Office approval to limit the\nEnterprise Life Cycle documents to five required documents (Business Systems Requirements\nReport, Requirements Traceability Matrix, Test Plan, Transition Management Plan, and\n508 Compliance). Figure 1 provides the status of the EFDS Project Office\xe2\x80\x99s preparation of the\ndocuments as of October 31, 2006. This corrective action addresses prior audit\nRecommendation 5.\n\n\n\n\n                                                                                              Page 6\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\n                 Figure 1: Status of Enterprise Life Cycle Documents\n                Document Name                               Preparation Status\n                Business Systems Requirements Report        Completed\n                Requirements Traceability Matrix            Completed\n                Test Plan                                   Completed\n                Transition Management Plan                  In Planning\n                508 Compliance                              In Process\n              Source: EFDS Project Office.\n\nAs previously stated, the EFDS Project Office contracted with Booz Allen Hamilton, Inc. to\nprovide program/project management support for the restoration of the client-server EFDS\napplication. The estimated cost of this program management support is $1,201,378. The\ncontract states Booz Allen Hamilton, Inc. employees will:\n   \xe2\x80\xa2   Help to accurately monitor and timely report risks, issues, project status, and action\n       items.\n   \xe2\x80\xa2   Provide technical architecture support to help assess technical issues caused by the\n       PYs 2006 and 2007 changes.\n   \xe2\x80\xa2   Maintain the work breakdown structure and enter start and completion dates into the\n       schedule. When a completion date has not been met or it appears that a completion date\n       will not be met, contractor support determines the effect of the delay on other tasks, the\n       overall schedule, and the stakeholders.\nMITRE was also hired as the IRS\xe2\x80\x99 Federally Funded Research and Development Center to\nperform two independent studies of the System. The first study, dated June 9, 2006, cost the IRS\n$417,730 and determined the root causes of the Web EFDS performance issues and\nrecommended actions to address those issues. The study also assessed the EFDS Web Portal\nsystem, rendered an opinion on its future viability, and recommended actions to apply the lessons\nlearned from the System situation across the information technology portfolio to improve the\ndelivery of other projects of similar size, scope, and complexity. MITRE stated the Web EFDS\napplication and database were good products and with additional work, could be implemented.\nDue to the focus on the System restoration, the EFDS Project Office only implemented\nrecommendations that would help in the System restoration efforts and that could be done\nquickly. Decisions on whether the other recommendations will be implemented have not been\nmade.\nThe second MITRE study, dated October 5, 2006, will cost an estimated $103,024 and assessed\nthe client-server EFDS\xe2\x80\x99 readiness to successfully perform refund fraud detection functions in\n\n                                                                                              Page 7\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\nPY 2007. MITRE issued a preliminary assessment stating the project is on a path for successful\nimplementation and there were no significant issues or risks that would prevent delivery of a\nfunctioning system by January 2007. MITRE planned to reassess EFDS project readiness on or\nafter November 17, 2006, after PY 2006 data loads were completed and after the Criminal\nInvestigation Division completed its data quality reviews. However, on December 6, 2006, the\nEFDS Executive advised us the IRS will not be inviting MITRE to perform another readiness\nassessment because the project is on schedule and he did not want to subject the EFDS Project\nOffice to another third-party review as it would not provide any new information.\nThe IRS will spend an estimated $1,722,132 for Booz Allen Hamilton, Inc. project management\nsupport and MITRE independent assessments. These expenses are considered inefficient use of\nresources because the expenses would not have been incurred if the Web EFDS had been\nimplemented in PY 2006 (see Appendix IV).\nOverall, oversight of the client-server EFDS restoration project has improved because\nmanagement implemented effective project management controls and completed several\ncorrective actions in response to our prior audit report. However, as of December 8, 2006, risks\nremained as several critical tasks had not been completed.\n   \xe2\x80\xa2   The EFDS (applications and 3 years of data) must be loaded into the production\n       environment. The planned completion date is December 29, 2006.\n   \xe2\x80\xa2   Final integration testing must be completed. The planned completion date is\n       December 29, 2006.\n   \xe2\x80\xa2   Security Certification and Accreditation must be completed. The planned completion\n       date is January 8, 2007.\n   \xe2\x80\xa2   Disaster recovery testing will not be performed prior to the January implementation. It is\n       scheduled to occur after the filing season. The tentative test date is September 2007 and\n       this test is included in a broader IRS disaster recovery test.\nAs a result of improved project management, risks identified thus far have been mitigated and\nthe System restoration is on schedule for the January 16, 2007, implementation.\nThis audit was conducted while the IRS was performing restoration activities to implement the\nSystem in PY 2007. Any changes that occurred since we completed our analysis in\nDecember 2006 are not reflected in this report. As a result, this report may not reflect the most\ncurrent status of the EFDS project. According to the IRS, the System was placed into production\non January 16, 2007.\n\n\n\n\n                                                                                          Page 8\n\x0c     --\n                  Oversight of the Electronic Fraud Detection System Restoration\n                            Activities Has 1-0   ved, but Risks Remain\n\n\n\n\nContracting Activities Have Improved, but a Cost Reimbursement\nIssue Remains\nThe Federal Acquisition Regulation5holds contractors responsible for timely contract\nperformance; however, the Federal Government is also responsible for monitoring contractor\nperformance, as necessary, to protect its interest. This monitoring should include comparing a\ncontractor's performance plans, schedules, controls, and processes against the contractor's achal\nperformance; determining the contractor's progress; and identifying any factors that may delay\nperformance. Agencies are also required to develop quality assurance surveillance plans when\nacquiring services specifying the work requiring surveillance and the method of surveillance.\nThe IRS Office of Procurement Policy best practices state that a planned surveillance effort is\nnecessary to measure contractor performance and ensure successful completion of tasks.\nContracting Officers are responsible for ensuring performance of all necessary actions for\neffective contracting, ensuring compliance with the terms of the contract, and safeguarding the\ninterests of the Federal Government in its contractual relationships. Since many of the\nContracting Officers7responsibilities can be delegated to a COTR, the COTR plays a critical role\nin the technical administration of Federal Government contracts to assure that the Government\nreceives the supplies or services in accordance with the contracts7specifications. COTR\nresponsibilities usually include monitoring contractor performance and schedule; acknowledging\nreceipt of supplies or services with an acceptance certificate; reviewing, commenting, and\naccepting or rejecting deliverables, as well as providing written evaluation of each major\ndeliverable; and reviewing and verifying the contractor's invoices for hours expended and costs\nincurred.\nWhile contracting officials should always check the mathematical accuracy of invoices to avoid\nany overpayment to the contractor, cost-reimbursement contracts require a more indepth review\nof invoices to ensure costs are not incurred prematurely and relate to progress under the contract.\nAs a result, COTR activities should include checking the invoice date against the contract\nperformance period to ensure costs are being billed for the proper time period; comparing the\ncontractor's billing rates against the contract rates to ensure indirect costs are being properly\nbilled; reviewing the contractor's time cards, sign-in sheets, and overtime records to help assess\nthe reasonableness of direct costs; and maintaining monthly reports or spreadsheets on costs\nincurred against the contract amount.\n\n\n\n\n 48 C.F.R. ch. 1 (2005).\n                                                                                            Page 9\n\x0c                       Oversight of the Electronic Fraud Detection System Restoration\n                                 Activities Has Improved, but Risks Remain\n         --\n\n\n\n\n              Recommendation 6: The CIO should ensure contractors are accountable for performance\n              by developing performance-based requirements for new EFDS contracts. The CIO\n              should also consider employing cost-sharing arrangements for future task orders so both\n              the IRS and contractor share the risk of project development cost overruns.\n              Recommendation 7: The CIO should ensure COTRs are trained adequately and their\n              duties are performed properly to monitor contractor performance effectively through\n              planned surveillance efforts and independent inspections of contractor work, as described\n              by IRS Office of Procurement Policy best practices.\n              Recommendation 8: The CIO and the Director, Procurement, should initiate discussions\n              with the contractor to recover the funds paid to the contractor to restore the old EFDS for\n              use in PY 2005 and any additional costs resulting from nondelivery of a functional\n              Web EFDS.\n              Recommendation 9: The CIO should defer additional work on the Web EFDS until the\n              IRS decides who will perform the EFDS work. If some or all of the work will transfer to\n              other business units, the CIO should ensure their requirements are identified before\n              initiating a contract for further development of the Web EFDS. The contract should be\n              opened to competition.\n\n    COTR oversiqht has not siqnificantlv changed, but compensatinq controls\n    mitiqate the risks\n\n                                               IWe determined that COTR oversight has not changed\n    significantly. As in the prior audit, the new COTR attends meetings with the contractors but still\n    depends on EFDS Project management to provide confirmation of the status of tasks and receipt\n    and acceptability of deliverables. The EFDS Project Ofice is aware of this dependency and has\n    mitigated this risk by obtaining the confirmations from the stakeholders through its weekly\n    System status reporting process.\nThe COTR now reviews invoices and obtains feedback from the IRS technical points of contact\nand EFDS Project Office personnel to confirm technical accuracy of deliverables. However, our\nreview of the controls over the procurement process identified issues similar to those found in\nthe prior audit. For example@d)\nI\n\n\n\n                                                                                                 Page 10\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\nEFDS Project Office is in the process of drafting procedures for monitoring acquisitions.\nCorrective actions for Recommendation 7 are scheduled to be completed by January 1, 2007.\n\nThe equitable adjustment agreement does not ensure the IRS will receive the full\namount of the cost reimbursement\nThe IRS recently issued a Treasury Information Processing Support Services-3\ncost-plus-fixed-fee contract that established a base period of performance of November 1, 2006,\nthrough February 24, 2007, for EFDS restoration work at an estimated cost of $3,080,004. The\nIRS reported in the Joint Audit Management Enterprise System that this contract award\ncompleted the corrective action for Recommendation 6 and originally stated that a percentage of\nthe contractor\xe2\x80\x99s fee would be dependent upon timely delivery of specified milestones. The Joint\nAudit Management Enterprise System was updated subsequently to state that a percentage of the\ncontractor\xe2\x80\x99s fee was associated with specific deliverables. However, we reviewed the signed\ncontract and found that payment of the contractor\xe2\x80\x99s fee was not dependent on the timely delivery\nof EFDS milestones or specific deliverables, and the contract did not include milestones. As a\nresult, the Federal Government\xe2\x80\x99s interest is not protected because it would be obligated to pay\nthe contractor\xe2\x80\x99s fee if a functional EFDS is not implemented timely. Regarding\nRecommendation 6 to use performance-based contracts, the IRS stated that future contracts for\ncompletion of the Web EFDS will be performance-based.\nThe contract also established a cost sharing amount not to\nexceed $3,080,004 ($2,859,253 cost reimbursement amount\nand $220,751 fee) as an equitable adjustment amount. The           Based on the contract and the\n                                                                   remaining CSC work identified\nCSC agreed to credit each invoice submitted to the IRS for              in the work breakdown\nwork performed during the base period of performance for the             structure, the Federal\ncost incurred plus a fee. However, the agreement did not          Government may not receive the\ninclude a provision that would refund the unused equitable             full equitable adjustment.\nadjustment to the IRS. The equitable adjustment was included        However, the EFDS Executive\n                                                                     stated the CSC has verbally\nin the contract as a response to Recommendation 8 from the          agreed to work on additional\nprior audit report.                                                application changes (unrelated\n                                                                      to the restoration work) to\nBased on our October 25, 2006, meeting with the EFDS                 ensure the IRS receives the\nProject Manager and our review of the work breakdown              $3,080,004 equitable adjustment.\nstructure, most of the CSC\xe2\x80\x99s work was completed by\nOctober 2006. Thus, it does not appear the CSC has\n$3,080,004 of work remaining. This is also supported by the EFDS Executive\xe2\x80\x99s August 3, 2006,\ncomment to CSC and MITS executives, \xe2\x80\x9cSince much of the cost for restoring the EFDS will\nlikely have been incurred before this agreement is finalized, some of the CSC\xe2\x80\x99s cost sharing will\nlikely be in force after the restoration is complete and the EFDS is in operations and\nmaintenance.\xe2\x80\x9d On December 6, 2006, the EFDS Executive agreed with our conclusion and\nexplained that, if the contract had been signed timely, this would not have been a problem. The\nEFDS Executive stated the CSC was aware of this and has verbally agreed to work on two\n                                                                                         Page 11\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\napplication changes (unrelated to the restoration work) to ensure the IRS will receive the\n$3,080,004 equitable adjustment. However, the contract states the CSC\xe2\x80\x99s cost sharing\ncommitment is related exclusively to delivering a client-server-based System and will not apply\nto any Federal Government directed scope increases. Again, the Federal Government\xe2\x80\x99s interest\nhas not been protected because the CSC could bill the IRS for the work that is unrelated to the\nSystem restoration without crediting the IRS for the unused equitable adjustment.\n\nRecommendation\nRecommendation 1: The CIO should work with the Director, Procurement, to ensure the IRS\nreceives all of the $3,080,004 equitable adjustment from the CSC. If there is not enough work to\nbe completed by the CSC during the November 1, 2006, through February 24, 2007, period of\nperformance to enable the IRS to receive the full adjustment, the IRS should request that the\nCSC pay the IRS the difference between the $3,080,004 and the credit the IRS received during\nthe period of performance. Alternatively, the IRS should request the application of the\nremaining equitable adjustment credit owed to the IRS to invoices for future EFDS-related task\norders or for other work being performed by the CSC.\n       Management\xe2\x80\x99s Response: IRS management agreed with the recommendation and\n       prepared a modification to the task order to ensure the IRS receives the full equitable\n       adjustment. The modification, signed by the IRS and the CSC on February 23, 2007,\n       extends the base period of performance and includes additional work within the scope of\n       the cost sharing agreement.\n\n\n\n\n                                                                                        Page 12\n\x0c                    Oversight of the Electronic Fraud Detection System Restoration\n                              Activities Has Improved, but Risks Remain\n\n\n\n                                                                                    Appendix I\n\n            Detailed Objective, Scope, and Methodology\n\nThe overall objective of this review was to determine whether the IRS adequately monitored the\ncontractors\xe2\x80\x99 development efforts in 2006 to ensure the EFDS1 was delivered in time for the\n2007 Filing Season. To accomplish our objective, we:\nI.         Determined whether the executive monitoring and project management processes were\n           effective to ensure 2007 Filing Season implementation.\n           A. Obtained and reviewed the minutes and briefing materials for the Compliance ESC\n              and Senior Management Dashboard Reviews; the monthly briefings presented by the\n              CSC (i.e., the PRIME contractor) to the IRS Commissioner; the MITS and Criminal\n              Investigation Division Business Performance Reviews; the Enterprise Life Cycle Gap\n              Analysis; and the results of the CIO\xe2\x80\x99s program review of the EFDS project.\n           B. Determined the effectiveness of project management controls.\n               1. Interviewed EFDS Project Office management to determine how they monitored\n                  contractor progress and performance. We also obtained and reviewed status\n                  reports and project schedules used to monitor contractor progress and\n                  performance and determined whether the status reports documented when critical\n                  problems occurred initially, when they were elevated for resolution, and how\n                  management validated the accuracy of the schedule.\n               2. Obtained and reviewed minutes of the monthly meetings between the Compliance\n                  Domain Director, EFDS Project Manager, Criminal Investigation Division\n                  representative, and CSC personnel to determine the issues and related resolutions\n                  that were discussed.\n               3. Determined what risks were identified and whether risk mitigation plans were\n                  prepared.\n               4. Interviewed Criminal Investigation Division management to determine whether\n                  they needed the System in advance to prepare and conduct their training.\n               5. Interviewed EFDS Project Office and Criminal Investigation Division\n                  management to determine what contingency plans were developed to minimize\n                  the effect to the Questionable Refund Program in the event the client-server EFDS\n                  was not implemented timely or with full functionalities.\n\n1\n    See Appendix VIII for a Glossary of Terms.\n                                                                                           Page 13\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\n          6. Interviewed the IRS employees responsible for conducting the System\n             Acceptability Testing for the restored EFDS to determine the status and results of\n             testing as well as whether the contractor submitted quality products.\n       C. Identified the contractor support that was obtained to assist the EFDS Project Office\n          in the System restoration.\n          1. Interviewed EFDS Project Office management to identify the contractors and the\n             scope of their work on the restoration.\n          2. Obtained the contracts/task orders/statements of work for the restoration efforts to\n             determine the scope of work and restoration costs for each contractor and\n             reviewed the CSC contract/task order/statement of work to determine the amount\n             the IRS would receive as an equitable adjustment for the Web EFDS not being\n             implemented in 2006.\n          3. Validated the invoice amounts supplied by the COTR by comparing the invoice to\n             information in the IRS\xe2\x80\x99 Web Request Tracking System.\n          4. Reviewed the MITRE report assessing the System restoration efforts to determine\n             the effect, if any, on our audit work.\nII.    Determined whether the COTRs for the contracts and task orders were effectively\n       monitoring and documenting the contractors\xe2\x80\x99 progress and performance on the System\n       restoration work.\n       A. Obtained and reviewed policies and procedures for monitoring contractor progress\n          and performance.\n       B. Interviewed the COTRs and identified their process for monitoring the contractors\n          and performing independent inspections to ensure the work was on schedule and met\n          the contract terms and user requirements. We also obtained and reviewed\n          documentation of independent inspections, if performed.\n       C. Obtained and reviewed status reports and minutes of meetings between the COTRs\n          and contractors working on the EFDS project, if taken.\nIII.   Determined whether effective corrective actions were implemented to address the\n       recommendations in the prior EFDS audit report, The Electronic Fraud Detection System\n       Redesign Failure Resulted in Fraudulent Returns and Refunds Not Being Identified\n       (Reference Number 2006-20-108, dated August 9, 2006) and the MITRE report,\n       Electronic Fraud Detection System (EFDS) Project Final Assessment Report\n       Version 1.0, dated June 9, 2006.\n       A. Reviewed the Joint Audit Management Enterprise System to determine the status of\n          the corrective actions.\n\n                                                                                         Page 14\n\x0c        Oversight of the Electronic Fraud Detection System Restoration\n                  Activities Has Improved, but Risks Remain\n\n\n\nB. Obtained documentation to verify closed corrective actions were implemented.\nC. Interviewed the EFDS Project Manager to determine the IRS\xe2\x80\x99 decision on\n   implementing the MITRE recommendations (e.g., the number of recommendations\n   agreed to, implemented, rejected, etc.).\n\n\n\n\n                                                                              Page 15\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\n                                                                              Appendix II\n\n                 Major Contributors to This Report\n\nMargaret E. Begg, Assistant Inspector General for Audit (Information Systems Programs)\nGary Hinkle, Director\nDanny Verneuille, Audit Manager\nTina Wong, Lead Auditor\nPhung-Son Nguyen, Senior Auditor\nVan Warmke, Senior Auditor\nOlivia DeBerry, Auditor\nLinda Screws, Auditor\n\n\n\n\n                                                                                     Page 16\n\x0c              Oversight of the Electronic Fraud Detection System Restoration\n                        Activities Has Improved, but Risks Remain\n\n\n\n                                                                          Appendix III\n\n                        Report Distribution List\n\nCommissioner C\nOffice of the Commissioner \xe2\x80\x93 Attn: Chief of Staff C\nDeputy Commissioner for Operations Support OS\nDeputy Commissioner for Services and Enforcement SE\nChief, Agency-Wide Shared Services OS:A\nChief, Criminal Investigation SE:CI\nDeputy Chief Information Officer OS:CIO\nDeputy Chief, Criminal Investigation SE:CI\nAssociate Chief Information Officer, Applications Development OS:CIO:AD\nDirector, Procurement OS:A:P\nDirector, Refund Crimes SE:CI:RC\nDirector, Stakeholder Management OS:CIO:SM\nChief Counsel CC\nNational Taxpayer Advocate TA\nDirector, Office of Legislative Affairs CL:LA\nDirector, Office of Program Evaluation and Risk Analysis RAS:O\nOffice of Internal Control OS:CFO:CPIC:IC\nAudit Liaisons:\n       Deputy Commissioner for Operations Support OS\n       Deputy Commissioner for Services and Enforcement SE\n       Chief, Agency-Wide Shared Services OS:A\n       Director, Procurement OS:A:P\n       Director, Program Oversight Office OS:CIO:SM:PO\n\n\n\n\n                                                                                Page 17\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\n                                                                                 Appendix IV\n\n                               Outcome Measures\n\nThis appendix presents detailed information on the measurable impact that our recommended\ncorrective actions will have on tax administration. These benefits will be incorporated into our\nSemiannual Report to Congress.\n\nType and Value of Outcome Measure:\n\xe2\x80\xa2   Inefficient Use of Resources \xe2\x80\x93 Potential; $1,201,378 (see page 5).\n\nMethodology Used to Measure the Reported Benefit:\nThe EFDS Project Office has obtained program management support from Booz Allen Hamilton,\nInc. The support that contract employees will provide includes helping to accurately monitor and\ntimely report risks, issues, project status, and action items; providing technical architecture\nsupport to help assess technical issues caused by the PYs 2006 and 2007 changes; and\nmaintaining the work breakdown structure. If the Web EFDS had been implemented in\nPY 2006, program management support would not have been required. The estimated cost of the\nproject management support services is $1,201,378.\n\nType and Value of Outcome Measure:\n\xe2\x80\xa2   Inefficient Use of Resources \xe2\x80\x93 Potential; $417,730 (see page 5).\n\nMethodology Used to Measure the Reported Benefit:\nThe IRS hired the MITRE to perform a study to determine the root causes of the Web EFDS\nproject performance issues and recommend actions to address those issues, assess the EFDS Web\nPortal system and render an opinion on its future viability, and recommend actions to apply the\nlessons from the System situation across the information technology portfolio to improve the\ndelivery of other projects of similar size, scope and complexity. If the Web EFDS had been\nimplemented timely and successfully in PY 2006, the IRS would not have requested the study\nwhich is estimated to cost $417,730.\n\n\n\n\n                                                                                          Page 18\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\nType and Value of Outcome Measure:\n\xe2\x80\xa2   Inefficient Use of Resources \xe2\x80\x93 Potential; $103,024 (see page 5).\n\nMethodology Used to Measure the Reported Benefit:\nThe IRS hired the MITRE to perform a study to assess the client-server EFDS\xe2\x80\x99 readiness to\nsuccessfully perform refund fraud detection functions in PY 2007. If the Web EFDS had been\nimplemented timely and successfully in PY 2006, the IRS would not have requested the study\nwhich is estimated to cost $103,024.\n\n\n\n\n                                                                                     Page 19\n\x0c                    Oversight of the Electronic Fraud Detection System Restoration\n                1             Activities Has Improved, but Risks Remain\n\n\n\n\n                                                                                             Appendix V\n\n                     E/ectronic Fraud Detection System\n                                Management\n\n                      ~    i   t    l   e Employee's\n                                           l         Name\n                                                                   I               Date\n\n\n\n\n1\n    The EFDS was placed in the Compliance domain,in the new Applications Development organization.\n                                                                                                     Page 20\n\x0c                 Oversight of the Electronic Fraud Detection System Restoration\n                           Activities Has Improved, but Risks Remain\n\n\n\n                                                                                       Appendix VI\n\n        Electronic Fraud Detection System Oversight\n\n        Figure 1: Meetings Attended by the EFDS Project Staff, Stakeholders,\n        Contractors and/or Executives Assigned to Oversee the EFDS Project\n                                 Meetings                                            Frequency\n   Stakeholder status meetings are held to discuss and analyze the project\n                                                                                      Weekly\n   status and schedule, risks, and risk mitigation strategies.\n   Technical meetings are held to review and propose solutions to\n   technical issues regarding the EFDS restoration effort                             Weekly\n   (e.g., application change requests, user or system requirements, etc.).\n   The COTRs and contractors meet to discuss the status of the project\n                                                                                     Bi-weekly\n   (e.g., whether work is on schedule and meets the users\xe2\x80\x99 needs).\n   Senior Management Dashboard Review meetings are held to facilitate\n   common understanding of the status of each project among\n                                                                                      Monthly\n   Government and contractor representatives. Only problem areas or\n   notable status changes are discussed.\n   ESC meetings are held to oversee investments and ensure business\n                                                                                      Monthly\n   risks are known and quantified.\n   Filing Season Readiness meetings are held to discuss the status and       Weekly - prior to the filing\n   issues regarding requests for application changes needed for the filing             season.\n   season.                                                                    Daily - during the filing\n                                                                                       season.\nSource: EFDS Project Office and various IRS documents.\n\n\n\n\n                                                                                                 Page 21\n\x0c               Oversight of the Electronic Fraud Detection System Restoration\n                         Activities Has Improved, but Risks Remain\n\n\n\n                Figure 2: Meetings the EFDS Project Office Reported\n                         It Provides Project Status Briefings\n                                Meetings                              Frequency\n      Commissioner\xe2\x80\x99s Monthly Meeting                                   Monthly\n      Filing Season Executive Meeting                                  Monthly\n      Business Performance Reviews                                    Quarterly\n      Operational Reviews of the Applications Development Domain      Quarterly\n      Project Status Review                                           Quarterly\nSource: EFDS Project Office.\n\n\n\n\n                                                                              Page 22\n\x0c          ,   Oversight of the Electronic Fraud Detection System Restoration\n          i\n                        Activities Has Improved, but Risks Remain\n\n\n\n\n                                                                          Appendix VII\n\nElectronic Fraud Detection System Project Timeline\n\n\n\n\n                    Corporation for the period August 1,2006, through July 3 1,2007, with\n                    an estimated cost of $420,648 for providing and maintaining data-mining\n                    techniques used by the System.\n\n\n                    $1,500,000 for maintenance of the EFDS client-server application and\n                    the database supporting the application.\nSeptember 14,2006 The IRS approved a modification to an existing task order for the\n                  MITRE for the period July 3,2006, through December 3 1,2006. The\n                  modification had an estimated cost of $103,024 for independent\n                  assessments of the restoration activities.\n October 24,2006   The IRS approved a task order under the Treasury Information\n                   Processing Support Services - 3 contract for the CSC for the period\n                   November 1,2006, through February 24,2007, with an estimated cost of\n                   $3,080,004 for delivering a fully operational client-server-based EFDS\n                   for PY 2007.\n\n\n\n                                                                                   Page 23\n\x0c             Oversight of the Electronic Fraud Detection System Restoration\n                       Activities Has Improved, but Risks Remain\n\n\n\nNovember 6, 2006    The IRS completed loading the 2006 daily tax return information into the\n                    EFDS databases.\nDecember 6, 2006    The IRS completed its test of the System application that will be used in\n                    PY 2007.\nDecember 29, 2006   The IRS is scheduled to complete the loading of the System applications\n                    and 3 years of data into the production environment.\n January 8, 2007    The EFDS Security Certification and Accreditation is scheduled to be\n                    completed.\n January 16, 2007   The System is scheduled for implementation in the production\n                    environment.\n\n\n\n\n                                                                                      Page 24\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\n                                                                              Appendix VIII\n\n                                  Glossary of Terms\n\nBusiness Case                        Required by Office of Management and Budget Circular\n                                     A-11 (Preparation, Execution, and Submission of the\n                                     Budget; dated June 2005) and commonly called Exhibit\n                                     300, Capital Asset Plan and Business Case. Each agency\n                                     must submit a business case twice each year for each\n                                     major information technology investment.\nClient-server                        A network architecture in which clients are personal\n                                     computers or workstations on which users run\n                                     applications. Clients rely on servers for resources such as\n                                     files, devices, and even processing power.\nContracting Officer\xe2\x80\x99s Technical      Furnishes technical direction, monitors contract\nRepresentative                       performance, and maintains an arm\xe2\x80\x99s-length relationship\n                                     with the contractor.\nCost-Plus-Fixed-Fee Contract         A cost-reimbursement contract that provides for payment\n                                     to the contractor of a negotiated fee that is fixed at the\n                                     inception of the contract. This contract type permits\n                                     contracting for efforts that might otherwise present too\n                                     great a risk to contractors, but it provides the contractor\n                                     only a minimum incentive to control costs.\nCost-Reimbursement Contract          A contract that provides for payment of allowable incurred\n                                     costs, to the extent prescribed in the contract.\nData Loads                           A process of placing data into a system or database.\nData-Mining Technique                A process of automatically searching large volumes of\n                                     data for patterns.\nEnterprise Life Cycle - Lite         A required system development methodology for all\n                                     nonmodernization projects.\nExecutive Steering Committee         A committee that oversees investments, including\n                                     validating major investment business requirements and\n                                     ensuring that enabling technologies are defined,\n                                     developed, and implemented.\n\n\n                                                                                         Page 25\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\nFederally Funded Research and       An organization that uses private resources to accomplish\nDevelopment Center                  tasks that cannot be effectively completed by existing\n                                    Federal Government employees or contractors.\nFiling Season                       The period from January through mid-April when most\n                                    individual income tax returns are filed.\nInformation Technology              A portfolio required by Office of Management and Budget\nInvestment Portfolio                Circular A-11 and commonly referred to as an Exhibit 53.\n                                    This portfolio must be submitted with each agency\xe2\x80\x99s\n                                    annual budget submission and contains the information\n                                    technology investment title, description, amount, and\n                                    funding source.\nJoint Audit Management Enterprise   A system used to document and track the status of\nSystem                              recommendations from audit reports and their\n                                    corresponding corrective actions.\nMITS Enterprise Governance          The highest level recommending and decision-making\nCommittee                           body to oversee and enhance enterprise management of\n                                    information systems and technology. It ensures strategic\n                                    modernization and information technology program\n                                    investments, goals, and activities are aligned with and\n                                    support 1) the business needs across the enterprise and\n                                    2) the modernized vision of the IRS.\nMITS Enterprise Governance          A body that supports the MITS Enterprise Governance\nCommittee Investment                Committee in the realization of the IRS Capital Planning\nManagement Subcommittee             and Investment Control process and with the management\n                                    of the IRS information technology investment portfolio.\n                                    This Subcommittee provides general information\n                                    technology investment portfolio oversight, including\n                                    operational analysis reviews and reports, investment\n                                    prioritization recommendations, and recommendations for\n                                    adjustments to the IRS portfolio.\nPerformance-based Contract          A contract that provides for acquiring services on the basis\n                                    of required results rather than the methods of performing\n                                    the work and uses measurable performance standards\n                                    (e.g., in terms of quality, timeliness, quantity).\nProcessing Year                     The year in which tax returns and other tax data are\n                                    processed.\n\n\n                                                                                        Page 26\n\x0c                Oversight of the Electronic Fraud Detection System Restoration\n                          Activities Has Improved, but Risks Remain\n\n\n\nQuality Assurance Surveillance    A plan that ensures services provided by the contractor\nPlan                              meet contract requirements. It should specify the work\n                                  requiring surveillance and the method of surveillance.\nQuestionable Refund Program       An application running on the mainframe computer. The\nComputer Identification Program   Program was originally developed by the IRS Inspection\n                                  Service and run by the Internal Audit function (now the\n                                  Treasury Inspector General for Tax Administration Office\n                                  of Audit).\nSecurity Certification and        A security certification is an independent technical\nAccreditation                     evaluation, for the purpose of accreditation, that uses\n                                  security requirements as the criteria for the evaluation. An\n                                  accreditation is an authorization granted by a management\n                                  official to operate the system based on the evaluation of\n                                  the security controls.\nSenior Management Dashboard       A review attended by senior executives, contractors,\nReview                            program directors, and project managers to ensure\n                                  program directors and project managers are held\n                                  accountable for the project status (e.g., risk, cost,\n                                  schedule). Emphasis is placed only on problem areas or\n                                  notable status changes.\nSteady State                      Any information technology investment that is fully\n                                  operational.\nSystem Acceptability Testing      The process of testing a system or program to ensure it\n                                  meets the original objectives outlined by the user in the\n                                  requirement analysis document.\nTask Order                        An order for services placed against an established\n                                  contract or with Federal Government sources.\nTreasury Information Processing   Contracts, awarded in 2006, that provide a broad range of\nSupport Services-3                information technology-related services.\nWeb EFDS                          The EFDS development effort allowing users to access the\n                                  EFDS via the IRS Intranet.\nWeb Portal                        An Internet site or service that functions as a major\n                                  starting site for users to connect to a broad array of\n                                  resources and services, such as email, forums, research\n                                  tools, online shopping malls, etc.\n\n\n                                                                                        Page 27\n\x0c             Oversight of the Electronic Fraud Detection System Restoration\n                       Activities Has Improved, but Risks Remain\n\n\n\nWeb Request Tracking System   A web-based application that allows IRS personnel to\n                              prepare, approve, fund, and track requests for the delivery\n                              of goods and services. It also allows for electronic\n                              acceptance of items delivered and provides an electronic\n                              interface with the automated financial system for payment\n                              processing.\nWork Breakdown Structure      A project schedule used to manage the tasks, task\n                              relationships, and resources needed to meet project goals.\n\n\n\n\n                                                                                 Page 28\n\x0c   Oversight of the Electronic Fraud Detection System Restoration\n             Activities Has Improved, but Risks Remain\n\n\n\n                                                     Appendix IX\n\nManagement\xe2\x80\x99s Response to the Draft Report\n\n\n\n\n                                                            Page 29\n\x0cOversight of the Electronic Fraud Detection System Restoration\n          Activities Has Improved, but Risks Remain\n\n\n\n\n                                                         Page 30\n\x0cOversight of the Electronic Fraud Detection System Restoration\n          Activities Has Improved, but Risks Remain\n\n\n\n\n                                                         Page 31\n\x0c"